Author Topic: Hacking the Rigol DHO800/900 Scope  (Read 1356621 times)

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16801
  • Country: 00
Re: Hacking the Rigol DHO800/900 Scope
« Reply #25 on: September 24, 2023, 08:41:12 pm »
So, probably some code leftovers.

So that firmware updates will be compatible with pre-release 'scopes.
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16801
  • Country: 00
Re: Hacking the Rigol DHO800/900 Scope
« Reply #26 on: September 24, 2023, 08:42:08 pm »
I don't have the scope (yet) so I can't tell you what each code means. Sorry

Me either.  :D

I'm 100% sure it'll be possible, it's just a question of how many hoops need to be jumped through.
 

Offline ptluis

  • Frequent Contributor
  • **
  • Posts: 333
  • Country: pt
Re: Hacking the Rigol DHO800/900 Scope
« Reply #27 on: September 24, 2023, 08:45:47 pm »
The HDO was Rigol's initial designation before having to change to DHO.

Regarding the lics generation, look into the HDO/DHO1000/4000 thread. It's all there so there is no need to reinvent the wheel.

Fungus see what tv84 wrote  :-+ If the same process works on DHO800/900 it would be easy to activate just what we need.
 

Offline akkk44

  • Contributor
  • Posts: 29
  • Country: cn
Re: Hacking the Rigol DHO800/900 Scope
« Reply #28 on: September 25, 2023, 01:15:50 am »
The HDO was Rigol's initial designation before having to change to DHO.

Regarding the lics generation, look into the HDO/DHO1000/4000 thread. It's all there so there is no need to reinvent the wheel.

Fungus see what tv84 wrote  :-+ If the same process works on DHO800/900 it would be easy to activate just what we need.

I had tried the method for HDO1000/4000 scope and managed to unlock the 70MHz to 100MHz upgrade on my DHO804, and @hubertyoung managed to add the BODE option with the very same method. Therefore, I can confirm that the existing method still works perfectly fine.
 
The following users thanked this post: Fungus, ptluis

Offline akkk44

  • Contributor
  • Posts: 29
  • Country: cn
Re: Hacking the Rigol DHO800/900 Scope
« Reply #29 on: September 25, 2023, 01:19:12 am »
I was sniffing Dave's DHO800 dump file and found references to 2 other models whose initial letters were swapped. Should they be the same models but launched in another country? maybe yes maybe no.

They were called "HDO" when they were announced but that turned out to be a trademark (of Lecroy?) or something so they changed it to "DHO".

The firmware probably works both ways.

While messing around with my DHO804, I happened to somehow make it identify itself as HDO1074, which is interesting.
https://lh3.google.com/u/0/d/1xLgXzNZY_h51uqBLpfh9jRs5dM9yPVog=w3840-h1984-iv1
« Last Edit: September 25, 2023, 01:20:56 am by akkk44 »
 
The following users thanked this post: ptluis

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16801
  • Country: 00
Re: Hacking the Rigol DHO800/900 Scope
« Reply #30 on: September 25, 2023, 01:33:42 am »
I had tried the method for HDO1000/4000 scope and managed to unlock the 70MHz to 100MHz upgrade on my DHO804, and @hubertyoung managed to add the BODE option with the very same method. Therefore, I can confirm that the existing method still works perfectly fine.

What about 50mpts memory? That's not an official option so it might need a different method.

(same with 125MHz bandwidth...)
 

Offline souldevelop

  • Regular Contributor
  • *
  • Posts: 54
  • Country: cn
  • Serious and rigorous
Re: Hacking the Rigol DHO800/900 Scope
« Reply #31 on: September 25, 2023, 06:08:36 am »
Hi all, attached is the DHO tool I created, I hope it will be more helpful to you guys.
You can now use the latest firmware version and upgrade with it, which will no longer have the problem of zero potential offset. Its only drawback is that upgrading from the 800 series to the 900 series may not be correct across series.

« Last Edit: September 25, 2023, 06:20:45 am by souldevelop »
Darkness before dawn.
 
The following users thanked this post: Mechatrommer, thm_w, tcottle, Houseman, wxqhigh, ptluis, artik, Nikki Smith, akkk44, Bidi533

Offline souldevelop

  • Regular Contributor
  • *
  • Posts: 54
  • Country: cn
  • Serious and rigorous
Re: Hacking the Rigol DHO800/900 Scope
« Reply #32 on: September 25, 2023, 06:10:06 am »
The forum setting cannot exceed 5Mb, which is embarrassing.

This is Pack A

The version has been updated
v1.0.2
« Last Edit: October 06, 2023, 01:15:50 pm by souldevelop »
Darkness before dawn.
 
The following users thanked this post: Mechatrommer, Houseman, ptluis

Offline souldevelop

  • Regular Contributor
  • *
  • Posts: 54
  • Country: cn
  • Serious and rigorous
Re: Hacking the Rigol DHO800/900 Scope
« Reply #33 on: September 25, 2023, 06:10:39 am »
This is Pack B
Darkness before dawn.
 
The following users thanked this post: Mechatrommer, Houseman, Serg65536, ptluis

Offline souldevelop

  • Regular Contributor
  • *
  • Posts: 54
  • Country: cn
  • Serious and rigorous
Re: Hacking the Rigol DHO800/900 Scope
« Reply #34 on: September 25, 2023, 06:20:12 am »
Theoretically, DHO800 series upgrade to DHO900 or DHO1000, the system in addition to checking the device model recorded in the Vendor .bin, RigolAPP also detects some bits on the hardware motherboard, so to perfectly skip this detection must build a driver to hook out the bit information read from the hardware. I firmly believe that the whole detection is no more.
Darkness before dawn.
 
The following users thanked this post: thm_w, ptluis, RAPo, akkk44

Offline akkk44

  • Contributor
  • Posts: 29
  • Country: cn
Re: Hacking the Rigol DHO800/900 Scope
« Reply #35 on: September 25, 2023, 07:52:27 am »
Theoretically, DHO800 series upgrade to DHO900 or DHO1000, the system in addition to checking the device model recorded in the Vendor .bin, RigolAPP also detects some bits on the hardware motherboard, so to perfectly skip this detection must build a driver to hook out the bit information read from the hardware. I firmly believe that the whole detection is no more.

Thanks a lot for your hard work!
I tried writing the identity to 924 on my 804. However, the drift is still present and cannot be eliminated by self-cal. Did I miss something? Many thanks.
 

Offline souldevelop

  • Regular Contributor
  • *
  • Posts: 54
  • Country: cn
  • Serious and rigorous
Re: Hacking the Rigol DHO800/900 Scope
« Reply #36 on: September 25, 2023, 08:25:11 am »
Theoretically, DHO800 series upgrade to DHO900 or DHO1000, the system in addition to checking the device model recorded in the Vendor .bin, RigolAPP also detects some bits on the hardware motherboard, so to perfectly skip this detection must build a driver to hook out the bit information read from the hardware. I firmly believe that the whole detection is no more.

Thanks a lot for your hard work!
I tried writing the identity to 924 on my 804. However, the drift is still present and cannot be eliminated by self-cal. Did I miss something? Many thanks.

I emphasized, there is still one step left to do, different series of upgrades 800\900\1000 we need to develop a hook driver to mount to the device to let the system detect that hardware you specified to complete this step will end all hacks, but this work takes time, please wait....
« Last Edit: September 25, 2023, 08:27:11 am by souldevelop »
Darkness before dawn.
 
The following users thanked this post: artik, akkk44

Offline hbozyq

  • Contributor
  • Posts: 31
  • Country: cn
Re: Hacking the Rigol DHO800/900 Scope
« Reply #37 on: September 25, 2023, 09:11:58 am »
Hero arrived!
 

Online tv84

  • Super Contributor
  • ***
  • Posts: 3251
  • Country: pt
Re: Hacking the Rigol DHO800/900 Scope
« Reply #38 on: September 25, 2023, 10:34:56 am »
RigolAPP also detects some bits on the hardware motherboard, so to perfectly skip this detection must build a driver to hook out the bit information read from the hardware. I firmly believe that the whole detection is no more.

What does the app do with those bits? In what form are they related to model and/or options?
 

Offline souldevelop

  • Regular Contributor
  • *
  • Posts: 54
  • Country: cn
  • Serious and rigorous
Re: Hacking the Rigol DHO800/900 Scope
« Reply #39 on: September 25, 2023, 11:15:19 am »
RigolAPP also detects some bits on the hardware motherboard, so to perfectly skip this detection must build a driver to hook out the bit information read from the hardware. I firmly believe that the whole detection is no more.

What does the app do with those bits? In what form are they related to model and/or options?

so easy, it is the hardware version:

model                              hardware version
DHO804 and DHO814                  12
DHO802  DHO812                     4
DHO914S DHO924S  DHO914   DHO924   8
DHO1072                            9
DHO4000                            0

RIGOL manages the driver location for the hardware version :  /rigol/driver/hdcode_gpio.ko

root@rigol:~/rigol/driver# modinfo hdcode_gpio.ko
filename:       /rigol/driver/hdcode_gpio.ko
license:        GPL
description:    gpio-hdcode devices driver
author:         rigol sn03950
depends:
intree:         Y
vermagic:       4.4.126 SMP preempt mod_unload modversions aarch64

All secrets have been revealed, I wish you guys fun.
 :-DD




« Last Edit: September 25, 2023, 11:23:36 am by souldevelop »
Darkness before dawn.
 

Online tv84

  • Super Contributor
  • ***
  • Posts: 3251
  • Country: pt
Re: Hacking the Rigol DHO800/900 Scope
« Reply #40 on: September 25, 2023, 11:26:54 am »
What does the app do with those bits? In what form are they related to model and/or options?

so easy, it is the hardware version:

model                              hardware version
DHO804 and DHO814                  12
DHO802  DHO812                     4
DHO914S DHO924S  DHO914   DHO924   8
DHO1072                            9
DHO4000                            0

 

Can't you change the table in software? Is the version configured in the OTP SOC area or in a Rigol ASIC?
 

Offline souldevelop

  • Regular Contributor
  • *
  • Posts: 54
  • Country: cn
  • Serious and rigorous
Re: Hacking the Rigol DHO800/900 Scope
« Reply #41 on: September 25, 2023, 11:29:14 am »
What does the app do with those bits? In what form are they related to model and/or options?

so easy, it is the hardware version:

model                              hardware version
DHO804 and DHO814                  12
DHO802  DHO812                     4
DHO914S DHO924S  DHO914   DHO924   8
DHO1072                            9
DHO4000                            0

 

Can't you change the table in software? Is the version configured in the OTP SOC area or in a Rigol ASIC?


The RK3399 chip corresponds to the GPIO in the hardware version number:

bit0= GPIO0_A4   PIN 4   
bit1= GPIO0_B0   PIN 8
bit2= GPIO0_B3   PIN 11
bit3= GPIO0_B4   PIN 12

I don't have a cross-compilation environment for RK3399 here, if anyone can compile a hdcode_gpio.ko by themselves to replace the original factory, you can achieve hardware version number customization.
Darkness before dawn.
 

Offline iMo

  • Super Contributor
  • ***
  • Posts: 4882
  • Country: vc
Re: Hacking the Rigol DHO800/900 Scope
« Reply #42 on: September 25, 2023, 11:35:41 am »
The version number could be in a form of solder bridges on the pcb somewhere as well..
The RK3399 just reads its input pins and gets the version number from "somewhere".
« Last Edit: September 25, 2023, 11:42:29 am by iMo »
 

Online tv84

  • Super Contributor
  • ***
  • Posts: 3251
  • Country: pt
Re: Hacking the Rigol DHO800/900 Scope
« Reply #43 on: September 25, 2023, 11:36:50 am »
The RK3399 chip corresponds to the GPIO in the hardware version number:

bit0= GPIO0_A4   PIN 4   
bit1= GPIO0_B0   PIN 8
bit2= GPIO0_B3   PIN 11
bit3= GPIO0_B4   PIN 12

I don't have a cross-compilation environment for RK3399 here, if anyone can compile a hdcode_gpio.ko by themselves to replace the original factory, you can achieve hardware version number customization.

If you lift the PIN 11, all is good, right?  :)

Please share the original file here.
 

Offline souldevelop

  • Regular Contributor
  • *
  • Posts: 54
  • Country: cn
  • Serious and rigorous
Re: Hacking the Rigol DHO800/900 Scope
« Reply #44 on: September 25, 2023, 11:42:27 am »
The RK3399 chip corresponds to the GPIO in the hardware version number:

bit0= GPIO0_A4   PIN 4   
bit1= GPIO0_B0   PIN 8
bit2= GPIO0_B3   PIN 11
bit3= GPIO0_B4   PIN 12

I don't have a cross-compilation environment for RK3399 here, if anyone can compile a hdcode_gpio.ko by themselves to replace the original factory, you can achieve hardware version number customization.

If you lift the PIN 11, all is good, right?  :)

Please share the original file here.


If the GPIO is dangling instead of grounded, or if there is an internal pulldown, there may be a problem.
The only thing I'm not sure about now is whether the GPIO input is fixed resistors or wires or connected to the internal logic circuitry of the FPGA? Capable friends can track RK3399 chip pins by themselves:
GPIO0_A4     4PIN
GPIO0_B0     8PIN
GPIO0_B3    11PIN
GPIO0_B4    12PIN
Darkness before dawn.
 

Offline dreamcat4

  • Frequent Contributor
  • **
  • Posts: 495
  • Country: gb
Re: Hacking the Rigol DHO800/900 Scope
« Reply #45 on: September 25, 2023, 11:43:45 am »

driver location for the hardware version :  /rigol/driver/hdcode_gpio.ko

root@rigol:~/rigol/driver# modinfo hdcode_gpio.ko
filename:       /rigol/driver/hdcode_gpio.ko
license:        GPL
description:    gpio-hdcode devices driver
author:         rigol sn03950
depends:
intree:         Y
vermagic:       4.4.126 SMP preempt mod_unload modversions aarch64

All secrets have been revealed,

hang on... does not this indicate that rigol has this kernel module under gpl license? and also 'intree' to mean it is indeed kernel tree?

because under gpl terms it's necessary to provide the full source code (for this kernel module), at least by writing when requested. or by some other mechanism(s).

so to obtain this kmod code, it remains still. but rigol should be legally obliged to provide it to any customers (at least those who purchased the oscilloscope in 1st instance, and then those customers are subsequently not obliged to sign nda, they are in turn themselves free to openly redistribute it).

this is assuming it is correct infos there (about the gpl license, and it being intree). that this is not been honestly mistaken. and it assumes rigol respects the terms of the linux kernel, and the terms of the gpl license?

 :-//
 

Offline souldevelop

  • Regular Contributor
  • *
  • Posts: 54
  • Country: cn
  • Serious and rigorous
Re: Hacking the Rigol DHO800/900 Scope
« Reply #46 on: September 25, 2023, 11:44:28 am »
The version number could be in a form of solder bridges on the pcb somewhere as well..
The RK3399 just reads its input pins and gets the version number from "somewhere".

Maybe you are right..  8)
Darkness before dawn.
 

Online tv84

  • Super Contributor
  • ***
  • Posts: 3251
  • Country: pt
Re: Hacking the Rigol DHO800/900 Scope
« Reply #47 on: September 25, 2023, 11:46:06 am »
this is assuming it is correct infos there (about the gpl license, and it being intree). that this is not been honestly mistaken. and it assumes rigol respects the terms of the linux kernel, and the terms of the gpl license?

Correct. And I would say they will send you the code.

They sent all the GPL code for the MSO5000 to @Olliver. And he has it on his Github page...
 
The following users thanked this post: dreamcat4

Offline dreamcat4

  • Frequent Contributor
  • **
  • Posts: 495
  • Country: gb
Re: Hacking the Rigol DHO800/900 Scope
« Reply #48 on: September 25, 2023, 11:46:32 am »
ah right... so this is just to identify the hardware alone. it's not general device drivers. sorry my mistake. however at least that can be done easily (with the source code, tweak and rebuild new kmod).
 

Offline niino

  • Contributor
  • Posts: 18
  • Country: de
Re: Hacking the Rigol DHO800/900 Scope
« Reply #49 on: September 25, 2023, 11:47:42 am »
Can anyone give an overview over the H/W variants of the 800/900 series scopes? E.g. which ones do have hardware capabilities preinstalled for the AWG and stuff like that.

Are all DHO900 series scopes identical hardware-wise, since all of them have the LA connector preinstalled as well as the AWG output at the back? I'd like to avoid having to cut into the case, so I'd go for the DHO914 in that case, as long as all the DHO924S features can be hacked software-wise.
« Last Edit: September 25, 2023, 11:51:34 am by niino »
 
